Enabling HTTPBoot plugin for Foreman 1.20

jhutar · February 28, 2019, 2:22pm

UEFI clients are capable of booting from HTTP or HTTPS if they are given a valid URL via DHCP filename option. Publishing required files is achieved with module which will publish tftp directory via http and https on /EFI endpoint for HTTP BOOT UEFI and /httpboot for generic http boot (iPXE) with the same content. Because we do lack installer support for this feature for now, few steps are needed to configure Foreman so it servers boot files over http:

Enable HTTPBoot plugin: in /etc/foreman-proxy/settings.d/httpboot.yml set :enabled: true
Restart services, so config change will take effect:
# foreman-maintain service restart
In webUI refresh integrated capsules features with Infrastructure -> Capsules -> <foreman’s capsule> -> Refresh features and make sure “HTTPBoot” is now listed in “Active features” there
Assign this HTTPBoot capsule to to the subnet(s): Infrastructure -> Subnets -> -> Capsules and select the capsule and press “Submit”
Now when creating a host, on “Operating system” tab set “PXE Loader” to “Grub2 UEFI HTTP”

This will cause UEFI firmware on provisioned machine to download the following loader according to the settings (assuming that smart-proxy is registered to foreman via standard port 8443 or 9090 for katello setup):

Smart Proxy HTTPBoot feature set in a Subnet + Grub2 UEFI HTTP: http://<httpboot_proxy>:8443/httpboot/grub2/grubx64.efi. (*)
Smart Proxy HTTPBoot feature set in a Subnet + Grub2 UEFI HTTPS: https://<httpboot_proxy>:8443/httpboot/grub2/grubx64.efi.
Smart Proxy HTTPBoot feature not set in a Subnet + Grub2 UEFI HTTP: http://<unattended_url>/httpboot/grub2/grubx64.efi.
Smart Proxy HTTPBoot feature not set in a Subnet + Grub2 UEFI HTTPS: https://<unattended_url>/httpboot/grub2/grubx64.efi. (*)

(*) - these combination will not work since protocol and port will not match. As you can see, this still needs more love. The PXE Loader code needs to be extended to recognize which HTTP and HTTPS ports are used for a given capsule and set that appropriately.

The grubx64.efi file is being served from well known /var/lib/tftpboot/... directory.

ekohl · February 28, 2019, 7:35pm

To fix this oversight I’ve created a PR. I’d welcome feedback. If this works in nightly I’d be happy to backport this to 1.21.1 and 1.20.3.

lzap · March 1, 2019, 7:18am

Thanks, I’ve converted the OP to wiki and made some changes. I realized that some combinations will not work with the current codebase and we need to do some changes unfortunately. With some bit of attention tho, HTTPBoot feature is usable.

harper5 · November 18, 2019, 6:21pm

I’m not sure if I have found your wiki entry or not. Is it this one: Fetch boot files via http instead of TFTP - Foreman If not, can you paste the link here, please?

lzap · November 19, 2019, 8:08am

No, I just changed the original post to wiki (Discourse) so others can contribute and made some small improvements. The wiki you refer to is something different.

Stefan_Lasiewski · August 25, 2020, 2:39am

What are Capsules? That’s not an option in my Foreman interface.

(Maybe it’s different in different languages? I’m in the USA.)

mcorr · August 25, 2020, 9:27am

In Red Hat’s productized version of Foreman, Smart Proxies are called Capsules.
Apologies for any confusion!

Stefan_Lasiewski · August 25, 2020, 8:20pm

No problem. Thanks for the clarification. Good to know.